# Samba TODO ``` TEST: Add echo locDCpass1 | bin/rpcclient ncacn_np:$SERVER -UAdministrator -c getusername echo locDCpass1 | USER=administrator bin/rpcclient ncacn_np:$SERVER -c getusername -> https://gitlab.com/samba-team/samba/-/merge_requests/1271 Migrate s3 client code to cli_credentials -> https://gitlab.com/samba-team/samba/-/merge_requests/1362 SMB.CONF: SMB_SIGNING_VALS="default|off|if_required|desired|required" Create one function translating signing state string to enum see set_cmdline_auth_info_signing_state and enum_smb_signing_vals Add 'server smb encrypt' (done) -> smb encrypt as alias Add 'client smb encrypt' (done) smbclient -e => getop => lp_do_param(client smb encrypt) => cli_creds reads lp_client_smb_encrypt() Add cli_credentials_set_smb_singing(), cli_credentials_set_smb_ipc_signing(), cli_credentials_set_smb_encryption(). - DONE Use cli_creds smb encryption: tig -7 b06e7ea5cbc0e46c0c42d6cdeb3a14f3cf21f1c6 - DONE Check do_connect() in client.c CMDLINE CLI: -> parse popts -> set password callback, if not --use-krb5-ccache and not --use-ccache and not --no-pass and not auth-file --use-kerberos=yes|auto|no|default default only if we add 'client use kerberos' as smb.conf option --use-krb5-ccache imply --use-kerberos=yes --krb5-cache=$PATH - DONE '-U... -k' => --use-kerberos=yes '-k' without -U => --use-krb5-cache --use-krb5-ccache and --use-ccache => not supported, TODO: --use-winbind-ccache that provides generic support for krb5 and ntlm Rename --use-ccache to --use-winbind-ccache (removes --use-ccache?) - DONE Add --smb-signing=$SMB_SIGNING_VALS also set GENSEC_FEATURE_SIGN for desired/required --signing=$SMB_SIGNING_VALS (as legacy) '-S $SMB_SIGNING_VALS' ??? (only smbclient?) '-S' check what smbtorture is actually using Remove -S for signing and use only long option Add --smb-encryption=$SMB_SIGNING_VALS -e => --smb-encryption=required also set GENSEC_FEATURE_SEAL??? => defer to --gensec-protection Remove -e and use only long option Implemented --client-protection=off|sign|encrypt TODO: what about 'net'... break it and use options as above Add the following??? --gensec-client-protection=[default,seal,sign,plain] => see also "ldap client sasl wrapping" => default from "gensec client protection" LATER: TODO: --use-pkinit ``` ## NEW TODO popt pw-nt-hash Remove smb_encrypt from client.c Remove smb_encrypt from cli_cm_connect() Add smb_cmdline_sanity(long_options) POPT_COMMON_LEGACY_S3 POPT_COMMON_LEGACY_S4 client ldap sasl wrapping -> directly use gensec add support for client-protection Remove cli_credentials_set_machine_account_pending()
Last changed by  
Andreas Schneider
267

Read more

Hack together

Run Samba Selftest rlRun "chown -R $USER:$USER $TmpDir" 0 "change owner of $TmpDir to $USER" # Unpacks RPM in $HOME/rpmbuild/SOURCES and unpacks tarball to $HOME/rpmbuild/BUILD rlRun "rpmbuild -rp samba-4.16.2-101.el9.src.rpm" 0 "Unpack RPM and apply patches" rlRun "$SU_CMD CFLAGS='-O1 -g -ggdb -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -fasynchronous-unwind-tables -fstack-clash-protection' ./configure --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu --program-prefix= --disable-dependency-tracking --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info --enable-fhs --with-piddir=/run --with-sockets-dir=/run/samba --with-modulesdir=/usr/lib64/samba --with-pammodulesdir=/usr/lib64/security --with-lockdir=/var/lib/samba/lock --with-statedir=/var/lib/samba --with-cachedir=/var/lib/samba --disable-rpath-install --with-shared-modules=idmap_ad,idmap_rid,idmap_ldap,idmap_hash,idmap_tdb2,pdb_tdbsam,pdb_ldap,pdb_smbpasswd,pdb_wbc_sam,pdb_samba4,auth_wbc,auth_unix,auth_server,auth_samba4,vfs_dfs_samba4 '--bundled-libraries=!popt,!talloc,!pytalloc,!pytalloc-util,!tevent,!pytevent,!tdb,!pytdb,!ldb,!pyldb,!pyldb-util' --with-pam --with-pie --with-relro --without-fam --with-system-mitkrb5 --with-experimental-mit-ad-dc --disable-glusterfs --with-cluster-support --with-profiling-data --with-systemd --with-quotas --enable-selftest" rlRun "$SU_CMD make -j4" && rlRun "touch /root/make_successful"

6/27/2022
Day of Learning: neovim 0.5.0

by Andreas Schneider Introduction Finally neovim 0.5.0 has been released. This release represents ~4000 commits since v0.4.4, the previous non-maintenance release. Highlights include builtin support for Lanugage Server Protocol (LSP), new APIs for extended marks (with byte resolution tracking of changes) and buffer decorations, as well as vast improvements to lua as a plugin and configuration language. Experimental support for tree-sitter as a syntax engine is also included, building on the new core APIs for byte tracking and decorations. https://github.com/neovim/neovim/commit/a5ac2f45ff84a688a09479f357a9909d5b914294 Till now your config was going to init.nvim. As Vimscript is an interpredted language and slow, neovim supports lua for config files now (init.lua). This makes a lot of stuff faster. However vimscript support will not go away.

7/29/2021
Developing images with darktable's Linear RGB tools

1/9/2020
libssh code audit

9/23/2019
Read more from Andreas Schneider
Published on HackMD